The Polish national airline, LOT, announced on Sunday that they cancelled 10 flights as a result of the airline’s ground computer systems at Warsaw’s Okecie airport being subject to attack by hackers. The airline’s ground computer systems are used to manage the flight plans for the airline. LOT stated that no ongoing flights or other airport computer systems were affected and that flights already in the air or scheduled to land at Warsaw were not at risk.

As a result of the attack LOT’s ground computer systems were unavailable for 5 hours during which time 10 flights were cancelled impacting over 1,400 passengers who had planned to travel to Dusseldorf, Hamburg, Copenhagen, and some internal flights within Poland.

LOT spokesman Adrian Kubicki said “At no point was the safety of ongoing flights compromised, and flights destined for Warsaw were able to land safely. No other airports were affected” Mr Kubicki added “We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry”.

News of this attack won’t help to assuage an industry already concerned about computer security. In May of this year the FBI said a security researcher, Chris Roberts, hacked into the Inflight Entertainment Systems 15 to 20 times over a period of three years. In one case the FBI states that Mr Roberts claimed to have accessed the software controlling an engine on one of the flights causing the plane to move laterally. While the technicalities of the claims by Mr Roberts have been hotly debated by many security experts, the incident has increased the debate on the whole area of airline security.

Earlier this year American Airlines grounded dozens of its flights due to a software problem on the iPads issued by the airline to the pilots and co-pilots for viewing flight plans. The introduction of the iPads was an initiative introduced by American Airlines to save over $1.2 million a year in fuel costs due to the reduction in weight by crew not having to carry paper based flight plans.

Like so many other business sectors around the world airlines are taking advantage of the benefits computer systems can bring in improving their processes, enhancing the customer experience, and reducing costs. Given the nature of their business the security of these computer systems, both in the air and on the ground, is of tantamount importance to airlines and their passengers. The events of today in Poland and the other previous events have raised more questions than answers regarding airline security.

In a recent and welcome announcement United Airlines launched a bug bounty program to reward security researchers for finding security vulnerabilities in its website. While only focusing on the airline’s websites and not on any of its critical systems, this is hopefully the start of an engagement by airlines with the security community in helping to make air travel more secure. After all to quote Voltaire “with great power, comes great responsibility”.

This story, "Hackers Ground Polish LOT Airline Flights" was originally published by
CSO.

Brian Honan has over 25 years experience in information security and acts as a trusted adviser to clients on matters relating to security.